Vulnerable-Web-Application/SQL/sql1.php

<!DOCTYPE html>
<html>
<head>
	<title>SQL Injection</title>
	<link rel="shortcut icon" href="../Resources/hmbct.png" />
</head>
<body>

	 <div style="background-color:#c9c9c9;padding:15px;">
      <button type="button" name="homeButton" onclick="location.href='../homepage.html';">Home Page</button>
      <button type="button" name="mainButton" onclick="location.href='sqlmainpage.html';">Main Page</button>
	</div>

	<div align="center">
	<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post" >
		<p>John -> Doe</p>
		First name : <input type="text" name="firstname">
		<input type="submit" name="submit" value="Submit">
	</form>
	</div>


<?php 
	$servername = "localhost";
	$username = "root";
	$password = "";
	$db = "1ccb8097d0e9ce9f154608be60224c7c";

	// Create connection
	$conn = mysqli_connect($servername,$username,$password,$db);

	// Check connection
	if (!$conn) {
    	die("Connection failed: " . mysqli_connect_error());
	} 
	//echo "Connected successfully";
	
	if(isset($_POST["submit"])){
		$firstname = $_POST["firstname"];
		$sql = "SELECT lastname FROM users WHERE firstname='$firstname'";//String
		$result = mysqli_query($conn,$sql);
		
		if (mysqli_num_rows($result) > 0) {
        // output data of each row
    		while($row = mysqli_fetch_assoc($result)) {
       			echo $row["lastname"];
       			echo "<br>";
    		}
		} else {
    		echo "0 results";
		}
	}
	
 ?>
</body>
</html>
Create sql1.php 2018-11-27 13:26:36 +00:00			`<!DOCTYPE html>`
			`<html>`
			`<head>`
			`<title>SQL Injection</title>`
Update sql1.php 2018-11-29 16:56:48 +00:00			`<link rel="shortcut icon" href="../Resources/hmbct.png" />`
Create sql1.php 2018-11-27 13:26:36 +00:00			`</head>`
			`<body>`

Update sql1.php 2018-11-29 23:43:01 +00:00			`<div style="background-color:#c9c9c9;padding:15px;">`
			`<button type="button" name="homeButton" onclick="location.href='../homepage.html';">Home Page</button>`
			`<button type="button" name="mainButton" onclick="location.href='sqlmainpage.html';">Main Page</button>`
			`</div>`

			`<div align="center">`
Create sql1.php 2018-11-27 13:26:36 +00:00			`<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post" >`
			`<p>John -> Doe</p>`
			`First name : <input type="text" name="firstname">`
Update sql1.php 2018-11-30 00:18:10 +00:00			`<input type="submit" name="submit" value="Submit">`
Create sql1.php 2018-11-27 13:26:36 +00:00			`</form>`
Update sql1.php 2018-11-29 23:43:01 +00:00			`</div>`
Create sql1.php 2018-11-27 13:26:36 +00:00

			`<?php`
			`$servername = "localhost";`
			`$username = "root";`
			`$password = "";`
Update sql1.php 2018-11-29 17:12:47 +00:00			`$db = "1ccb8097d0e9ce9f154608be60224c7c";`
Create sql1.php 2018-11-27 13:26:36 +00:00
			`// Create connection`
			`$conn = mysqli_connect($servername,$username,$password,$db);`

			`// Check connection`
			`if (!$conn) {`
			`die("Connection failed: " . mysqli_connect_error());`
			`}`
			`//echo "Connected successfully";`

			`if(isset($_POST["submit"])){`
			`$firstname = $_POST["firstname"];`
			`$sql = "SELECT lastname FROM users WHERE firstname='$firstname'";//String`
			`$result = mysqli_query($conn,$sql);`

			`if (mysqli_num_rows($result) > 0) {`
			`// output data of each row`
			`while($row = mysqli_fetch_assoc($result)) {`
			`echo $row["lastname"];`
			`echo "<br>";`
			`}`
			`} else {`
			`echo "0 results";`
			`}`
			`}`

			`?>`
			`</body>`
			`</html>`